AUDIT_SET_ENABLED(3) Linux Audit API AUDIT_SET_ENABLED(3)NAMEaudit_set_enabled - Enable or disable auditing
int audit_set_enabled (int fd, int enabled);
DESCRIPTIONaudit_set_enabled is used to control whether or not the audit system is
active. When the audit system is enabled (enabled set to 1), every
syscall will pass through the audit system to collect information and
potentially trigger an event.
If the audit system is disabled (enabled set to 0), syscalls do not
enter the audit system and no data is collected. There may be some
events generated by MAC subsystems like SE Linux even though the audit
system is disabled. It is possible to suppress those events, too, by
adding an audit rule with flags set to AUDIT_FILTER_TYPE.
The return value is <= 0 on error, otherwise it is the netlink sequence
id number. This function can have any error that sendto would
SEE ALSOaudit_add_rule_data(3), auditd(8).
Red Hat Oct 2006 AUDIT_SET_ENABLED(3)